[
https://issues.apache.org/jira/browse/CASSANDRA-10391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15009517#comment-15009517
]
Devin Suiter commented on CASSANDRA-10391:
--
If you are using sstableloader in a secure environment with SSL, you need to
pass the TrustFactory option, -tf, along with the truststore and password, or
truststore, keystore, and passwords. See
http://docs.datastax.com/en/datastax_enterprise/4.5/datastax_enterprise/tools/toolsSStblLd.html?scroll=toolsSStblLd__secSstblldrNde
for details.
> sstableloader fails with client SSL enabled with non-standard
> keystore/truststore location
> --
>
> Key: CASSANDRA-10391
> URL: https://issues.apache.org/jira/browse/CASSANDRA-10391
> Project: Cassandra
> Issue Type: Bug
> Components: Tools
> Environment: [cqlsh 4.1.1 | Cassandra 2.0.14.425 | DSE 4.6.6 | CQL
> spec 3.1.1 | Thrift protocol 19.39.0]
> [cqlsh 5.0.1 | Cassandra 2.1.8.689 | DSE 4.7.3 | CQL spec 3.2.0 | Native
> protocol v3]
>Reporter: Jon Moses
>Assignee: Andrew Hust
>
> If client SSL is enabled, sstableloader is unable to access the keystore and
> truststore if they are not in the expected locations. I reproduce this issue
> providing {{-f /path/to/cassandra.yaml}} as well as manually using the
> {{-ks}} flag with the proper path to the keystore.
> For example:
> {noformat}
> client_encryption_options:
> enabled: true
> keystore: /var/tmp/.keystore
> {noformat}
> {noformat}
> # sstableloader -d 172.31.2.240,172.31.2.241 -f
> /etc/dse/cassandra/cassandra.yaml Keyspace1/Standard1/
> Could not retrieve endpoint ranges:
> java.io.FileNotFoundException: /usr/share/dse/conf/.keystore
> Run with --debug to get full stack trace or --help to get help.
> #
> # sstableloader -d 172.31.2.240,172.31.2.241 -ks /var/tmp/.keystore
> Keyspace1/Standard1/
> Could not retrieve endpoint ranges:
> java.io.FileNotFoundException: /usr/share/dse/conf/.keystore
> Run with --debug to get full stack trace or --help to get help.
> #
> {noformat}
> The full stack is:
> {noformat}
> # sstableloader -d 172.31.2.240,172.31.2.241 -f
> /etc/dse/cassandra/cassandra.yaml --debug Keyspace1/Standard1/
> Could not retrieve endpoint ranges:
> java.io.FileNotFoundException: /usr/share/dse/conf/.keystore
> java.lang.RuntimeException: Could not retrieve endpoint ranges:
> at
> org.apache.cassandra.tools.BulkLoader$ExternalClient.init(BulkLoader.java:283)
> at
> org.apache.cassandra.io.sstable.SSTableLoader.stream(SSTableLoader.java:144)
> at org.apache.cassandra.tools.BulkLoader.main(BulkLoader.java:95)
> Caused by: java.io.FileNotFoundException: /usr/share/dse/conf/.keystore
> at
> com.datastax.bdp.transport.client.TClientSocketFactory.getSSLSocket(TClientSocketFactory.java:128)
> at
> com.datastax.bdp.transport.client.TClientSocketFactory.openSocket(TClientSocketFactory.java:114)
> at
> com.datastax.bdp.transport.client.TDseClientTransportFactory.openTransport(TDseClientTransportFactory.java:186)
> at
> com.datastax.bdp.transport.client.TDseClientTransportFactory.openTransport(TDseClientTransportFactory.java:120)
> at
> com.datastax.bdp.transport.client.TDseClientTransportFactory.openTransport(TDseClientTransportFactory.java:111)
> at
> org.apache.cassandra.tools.BulkLoader$ExternalClient.createThriftClient(BulkLoader.java:302)
> at
> org.apache.cassandra.tools.BulkLoader$ExternalClient.init(BulkLoader.java:254)
> ... 2 more
> root@ip-172-31-2-240:/tmp/foo#
> {noformat}.
> If I copy the keystore to the expected location, I get the same error with
> the truststore.
> {noformat}
> # sstableloader -d 172.31.2.240,172.31.2.241 -f
> /etc/dse/cassandra/cassandra.yaml --debug Keyspace1/Standard1/
> Could not retrieve endpoint ranges:
> java.io.FileNotFoundException: /usr/share/dse/conf/.truststore
> java.lang.RuntimeException: Could not retrieve endpoint ranges:
> at
> org.apache.cassandra.tools.BulkLoader$ExternalClient.init(BulkLoader.java:283)
> at
> org.apache.cassandra.io.sstable.SSTableLoader.stream(SSTableLoader.java:144)
> at org.apache.cassandra.tools.BulkLoader.main(BulkLoader.java:95)
> Caused by: java.io.FileNotFoundException: /usr/share/dse/conf/.truststore
> at
> com.datastax.bdp.transport.client.TClientSocketFactory.getSSLSocket(TClientSocketFactory.java:130)
> at
> com.datastax.bdp.transport.client.TClientSocketFactory.openSocket(TClientSocketFactory.java:114)
> at
> com.datastax.bdp.transport.client.TDseClientTransportFactory.openTransport(TDseClientTransportFactory.java:186)
> at
> com.datastax.bdp.transport.client.TDseClientTransportFactory.openTransport(TDseClientTransportFactory.java:120)
> at
>